Secure identification, verification and authorization using a secure portable device

ABSTRACT

A system for providing authorization is disclosed. The system includes a server configured to: allow a user to conduct a transaction using a computer, and present an image to the user in connection with the transaction, the image having information embedded therein, and a portable device configured to: allow the user to capture the image, store predetermined information, capture input information from the user, the input information to be used to ensure that the user is authorized to use the portable device, and generate an output based on the information embedded in the image and the predetermined information. The server is further configured to receive the output from the portable device and evaluate the output to determine if the user has authorized the transaction.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 11/084,333 by Han Kiliccote, which was filed on Mar. 18, 2005, entitled “Secure Identification, Verification and Authorization Using a Secure Portable Device,” and which claimed the benefit of priority from U.S. Provisional Patent Application Nos. 60/626,146, which was filed on Nov. 8, 2004, and 60/632,756, which was filed on Dec. 3, 2004, which applications are hereby fully incorporated herein by reference for all purposes.

BACKGROUND OF THE INVENTION

The present invention relates generally to secure transactions, and more specifically, to methods and devices for providing secure identification, verification and authorization using a portable secure device.

There are many applications where authentication can be useful including, for example, e-commerce transactions, secure system access, etc. Authentication technologies are generally implemented to verify the identity of a user prior to allowing the user to have the ability to perform certain tasks, such as accessing confidential information or conducting authorized transactions. Many authentication systems are known in the art, and the methodologies associated with these systems cover a wide range of techniques.

The use of credit and debit cards to conduct payment transactions is very popular. Credit and debit cards can be used for paying telephone charges and purchase transactions. With the burgeoning growth of online or e-commerce, the use of credit and debit cards to pay for online transactions is also increasing. Such increased use of credit and debit cards also results in an increase in identity theft crimes including credit card fraud. In response, card issuers are employing various different measures in order to minimize and/or prevent such crimes. For example, in order to provide sufficient authentication, a user may be required to provide additional information during the card approval process, such as certain numbers printed on the back of the card, the postal zip code for the billing address associated with the card, or a personal identification number (PIN) linked to the card. Because such information is static, it may be of nominal effectiveness. In one existing system, an apparatus is provided for identifying an individual. The apparatus employs a static value and a dynamic variable to generate passwords. For every transaction to be completed, a fixed code is entered into the card by the user at the start of the access request procedure. This fixed code constitutes the static value. The dynamic variable is produced which varies dynamically as a function of time. The static value and the dynamic variable are next used as input parameters of a secret encryption algorithm implemented in order to produce a password in the card. This password is displayed on the card and the user is invited to transfer it to a server. The fixed code is also transferred to the server. The server then calculates the password by using the same encryption algorithm and the dynamic variable. The password generated by the server is compared with the password transmitted to the server by the user. In the event of matching, authorization for access to the function can be delivered. It will be noted that the dynamic variable is a time-dependent dynamic value. Since this variable is necessarily produced independently, both in the card and in the server, the clocks of these two facilities used to produce the dynamic variable on each side must be synchronized with a given accuracy. As a result, the apparatus requires time-dependent synchronization and shared secret keys.

Another existing system discloses a method and apparatus for secure credit card transactions. This apparatus comprises an authorization computer and a credit card that work in conjunction with each other to enhance the security of credit card transactions. More specifically, the system includes a smart credit card that has a microprocessor, associated memories and a liquid crystal display. The credit card is used to produce a unique verification number by processing a transaction sequence number with an encryption algorithm. The verification number is then displayed in the display device, and can be transmitted to the authorization computer along with a customer identifying account number. The computer, which is used for authorizing the credit card transactions for the customers of the credit card issuer, uses the account number to access an account file for the credit cardholder. The account file contains a decryption algorithm, which is complementary to the encryption algorithm of the credit card, such that the computer can use the decryption algorithm together with the verification number to produce a computed transaction sequence number. Both transaction sequence numbers, the one in the card and the one in the computer, are incremented after the authorized transaction so that a different verification number is generated and used in the authorization in each subsequent credit card transaction. Synchronization between the card and the computer is required.

In another existing system, a portable information and transaction processing system and method utilizing biometric authorization and digital certificate security is disclosed. The system uses a portable client PDA with touch screen, microphone, and CPU for processing voice commands, and processing biometric data to verify a user. In fact, the system requires the use of a PDA in which the user stores his financial and personal information. A digital certificate is downloaded from a central server of a service provider. The digital certificate accomplishes the goal of identification verification by checking whether the digital certificate is expired before providing any credit card information. This system is intended for managing financial data. The foregoing system requires use of shared secret keys between the user and the verifier. It also requires time-dependent synchronization for user verification purposes.

Another prior art system discloses a token issuing system, a mobile communication means, a token verification system and tokens. A user of the mobile communication means can use this system by ordering a certain token from the token issuing system, which produces a token and transmits the token to the mobile communication means. The user of the mobile communication means can then later use the token by effecting the transfer of the token to the token verification system, which receives and processes the token, and allows the user to obtain the benefit, right, or product associated with the token. In one embodiment, the user of the mobile communication means types the token on a keypad of the verifying system. The verifying system can include a scanning or image capture device for reading information on a display of the mobile communication means. The verifying system can comprise a digital camera for obtaining images. In another embodiment, the mobile communication means displays the token as a bar code on a display of the mobile communication means. The verifying system uses a shared key to decrypt the encoded string received from the mobile communication means.

Another prior art system discloses an authentication and verification method and apparatus employing tokens. The token, which can be a credit-card sized clip or carried as part of a key chain, works in conjunction with hardware or software running on a supplier's server system to generate a new, unpredictable code every 60 seconds that is known to the supplier server. For instance, each user may receive a personal token having a hidden 6-digit numerical string. The user further selects a 4-digit personal identification number (PIN) that is appended to the hidden numerical string in the token. The user's password is therefore the combination of the 4-digit PIN plus the hidden 6-digit numerical string. The 6-digit numerical string in the token automatically changes every 60 seconds. A security server compares the user-entered password with its knowledge of what password should have been entered for that 60-second period. The foregoing system requires time-dependent synchronization. Further, the passwords change every 60 seconds.

Hence, it would be desirable to provide methods and devices that are capable of providing secure transactions in a more efficient manner.

SUMMARY

A system for providing authorization is disclosed. In one embodiment, the system includes a server configured to: allow a user to conduct a transaction using a computer, and present an image to the user in connection with the transaction, the image having information embedded therein, and a portable device configured to: allow the user to capture the image, store predetermined information, capture input information from the user, the input information to be used to ensure that the user is authorized to use the portable device, and generate an output based on the information embedded in the image and the predetermined information. The server is further configured to receive the output from the portable device and evaluate the output to determine if the user has authorized the transaction.

In one aspect, a method of providing authorization is disclosed. The method includes configuring a server to: allow a user to conduct a transaction using a computer, present an image to the user in connection with the transaction, the image having information embedded therein, configuring a portable device to: allow the user to capture the image, store predetermined information, capture input information from the user, the input information to be used to ensure that the user is authorized to use the portable device, and generate an output based on the information embedded in the image and the predetermined information, and configuring the server to receive the output from the portable device and evaluate the output to determine if the user has authorized the transaction.

In another aspect, a method of providing authorization is disclosed. The method includes presenting an image to a user in connection with a transaction, the image having information embedded therein, configuring a portable device to: allow the user to capture the image, store predetermined information, capture input information from the user, the input information to be used to ensure that the user is authorized to use the portable device, and generate an output based on the information embedded in the image and the predetermined information, receiving the output generated by the portable device, and evaluating the output to determine if the user has authorized the transaction.

It is understood that other embodiments of the present invention will become readily apparent to those skilled in the art from the following detailed description, wherein various embodiments of the invention are shown and described by way of illustration. As will be realized, the invention is capable of other and different embodiments and its several details are capable of modification in various other respects, all without departing from the spirit and scope of the present invention. Accordingly, the drawings and detailed description are to be regarded as illustrative in nature and not as restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the present invention are illustrated by way of example, and not by way of limitation, in the accompanying drawings, wherein:

FIG. 1 is a simplified schematic diagram illustrating a secure device according to one embodiment of the present invention;

FIG. 2 is a flow diagram illustrating general operations of the secure device according to one embodiment of the present invention;

FIG. 3 is a simplified schematic diagram illustrating one authentication application of the secure device according to one embodiment of the present invention;

FIG. 4 is a simplified schematic diagram illustrating another authentication application of the secure device according to one embodiment of the present invention;

FIG. 5 is a simplified schematic diagram illustrating one authorization application of the secure device according to one embodiment of the present invention;

FIG. 6 is a simplified schematic diagram illustrating another authorization application of the secure device according to one embodiment of the present invention;

FIG. 7 is a simplified schematic diagram illustrating one digital signature application of the secure device according to one embodiment of the present invention;

FIG. 8 is a flow diagram illustrating general operations of a document distribution application using the secure device according to one embodiment of the present invention;

FIG. 9 is a simplified schematic diagram illustrating one online e-commerce application of the secure device according to one embodiment of the present invention;

FIG. 10 is a simplified schematic diagram illustrating one check-out application of the secure device according to one embodiment of the present invention;

FIG. 11 is a simplified schematic diagram illustrating another check-out application of the secure device according to one embodiment of the present invention; and

FIG. 12 is a simplified schematic diagram illustrating one phishing-prevention application of the secure device according to one embodiment of the present invention.

DETAILED DESCRIPTION

The detailed description set forth below in connection with the appended drawings is intended as a description of various embodiments of the present invention and is not intended to represent the only embodiments in which the present invention may be practiced. The detailed description includes specific details for the purpose of providing a thorough understanding of the present invention. However, it will be apparent to those skilled in the art that the present invention may be practiced without these specific details. In some instances, well-known structures and components are shown in block diagram form in order to avoid obscuring the concepts of the present invention.

The present invention may be used for a number of different purposes including, for example, authentication, authorization, secure document distribution and guarding against phishing attacks, as will be further described below. The present invention may be used in both the offline and online environments and provide on-demand input capability.

One or more embodiments of the present invention will now be described. FIG. 1 illustrates one secure device 100 according to one embodiment of the present invention. The secure device 100 may include a processor 110, an image capture device or circuit 120, an input unit 130, an output unit 140 and a memory 150. The secure device 100 may be incorporated as part of a token, card, badge, key fob, personal digital assistant (PDA), cellphone, etc.

The processor 110 may include control logic configured to control operations of the secure device 100 including, for example, managing decryption and encryption functions. In some embodiments, the processor 110 may be implemented in the form of a smartcard. The smartcard may include a ciphering unit and a secure memory for storing public keys, private keys and/or shared keys.

The image capture circuit 120 may include a digital camera or other types of image capturing devices. The image capture circuit 120 is used to capture image and/or video information. The captured image and/or video information may include a barcode, including a one-dimensional barcode, such as a linear barcode, or a multi-dimensional barcode, such as a 2D barcode, multiple barcodes in a single image, or multiple barcodes in multiple images where the multiple images form a stream of images or a video. As will be further described below, the captured image and/or video information is used and processed for a number of different purposes.

The input device 130 may include a keypad, a touch sensitive screen, a biometric input unit or other types of devices that are capable of allowing a user to provide input information. The biometric input unit may include at least one of a fingerprint recognition module and a facial recognition module. As will be further described below, the input information may be used for identification purposes to allow the secure device 100 to be activated by the user, as well as other purposes.

The output unit 140 may include an LCD (Liquid Crystal Display). The display 140 is used to display information to a user of the secure device 100.

The memory 150 may include any type of storage device that can be used to store information.

The secure device 100 generally operates in the following manner, as shown in FIG. 2. At block 200, the secure device 100 via the image capture circuit 120 captures information on a still or moving image or a stream of images. The stream of images may constitute a video. The image or video may include, for example, a linear or 2D barcode. Multiple barcodes may be embedded in the same image, or alternatively, multiple barcodes may be transmitted in multiple frames or images. The image or stream of images contains embedded information that is relevant to the transaction to be conducted. The information embedded in the image or stream of images may be created using any one of a number of well-known decryption/encryption algorithms, such as a symmetric system using shared keys or an asymmetric system using public/private key pairs. For example, the information embedded in an image may be encrypted using a public key or signed by a private key. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know how to select the appropriate decryption/encryption algorithm for use according to the present invention.

At block 210, the secure device 100 also prompts a user to provide identification information via the input unit 130. The identification information may include a personal identification number (PIN), a password, and/or biometric information. The identification information is used to identify the user to ensure that the user is authorized to use the secure device 100.

At block 220, the secure device 100 via the processor 110 decodes the captured image or video and extracts the relevant embedded information. The processor 110 has knowledge of the encryption algorithm that is used to create the image and thus is able to use the corresponding decryption algorithm to decode the captured image. The decryption algorithm may use one or more input parameters for decoding. For example, if the image is created using a public key, the corresponding private key (as well as other information, such as predetermined information stored in the memory 150 and the input information provided by the user) may be used to decrypt or decode the captured image. The predetermined information may include, for example, address information, personal profile information and payment account information. The secure device 100 also checks the identification information provided by the user to verify or authenticate the user's identity. The identification information provided by the user is checked against information previously supplied by the user during registration.

At block 230, upon successful verification of the user's identity and decoding of the captured image, the secure device 100 generates the appropriate instructions or information for the user. The instructions or information may then be provided via the output unit 140 for further action by the user. The user may act on the instructions or information in a number of ways. For example, the instructions or information may be transmitted in the form of a radio or sonic signal. The transmitted signal may then be received by another party, such as a merchant, seller, vendor or third-party service provider, for use in connection with various purposes, as will be further described below.

The secure device 100 can be deployed in a number of applications. In one illustrative application, the secure device 100 is used to effect authentication, as shown in FIG. 3. Authentication is needed for any system where the identity of a user has to be ascertained. As shown in FIG. 3, a user visits a website and is presented with a log-on screen 300. The user is required to enter certain correct information (such as company ID 310, user ID 320 and password 330) before further access to the website is granted. In addition, the log-on screen 300 further displays an image or video 340. The image or video 340, such as a linear barcode or multiple barcodes in moving images, contains certain embedded information that will be used to derive the corresponding authentication code 350. The correct authentication code 350 has to be entered in order to allow the user to continue to access the website.

The user activates the secure device 100 and uses the secure device 100 to scan the image or video 340. As part of the activation process, the user may need to enter a password or other types of identification information into the secure device 100 to ensure that the user is authorized to use the secure device 100. The secure device 100 then derives the authentication code 350 and other relevant information 360 based on the embedded information stored in the scanned image or video 340 and, optionally, other types of information including, for example, predetermined information stored in the secure device 100 and identification information provided by the user. The derivation process may be performed using an encryption, a decryption or a message authentication algorithm. If the image 340 has been generated using an encryption or decryption algorithm, the derivation process may correspond to the encryption or decryption algorithm used to create the information embedded in the image or video 340. The authentication code 350 and other relevant information 360 are displayed on the secure device 100 for viewing by the user. The user may then key in the authentication code 350 as well as other required information (such as company ID 310, user ID 320 and password 330) to obtain further access to the website. Since the website initially provides the image or video 340, the website also has knowledge regarding the correct authentication code 350 corresponding to the information embedded in the image or video 340. The foregoing method may also be used to identify users or authenticate users to computer terminals, servers, devices, etc.

If the output of the secure device 100 is transmitted in the form of a radio or sonic signal, a corresponding reception device at a station (such as a computer, terminal or server) receiving the transmitted signal may deem the user identified if the signal corresponds to an expected value at the station for a specific user and secure device 100 previously registered for that station.

The secure device 100 may also be used to identify or authenticate persons for physical access to structures and/or vehicles through entry points, such as doors and gates. If the output of the secure device 100 is transmitted in the form of a radio or sonic signal, a station (e.g., a merchant, seller, vendor, third-party service provider, guard) receiving the transmitted signal may deem the user identified if the signal corresponds to an expected value at the station for a specific user and secure device 100. If, on the other hand, the output is in the form of a visual display displayed on the secure device 100, the user can enter the displayed information on a keypad attached to the station. The user can also read the information to a machine or a person over the telephone at the station. The user can also write down the displayed information on paper for immediate or later processing. The display may display an image that can be captured with a camera at the station, thereby eliminating the need for the user to enter, read or write down the information.

In the identification mode, the output from the secure device 100 received at a station may be compared to all the registered users and devices to identify the user and the secure device 100 that would generate the expected output. With suitable selection of the encryption protocols, the output can be rendered deterministically or probabilistically unique for each user and device combination.

The image or video captured by the secure device 100 may also include additional information, such as information relating to a website, server, terminal, device, structure or vehicle which the user is gaining access to. The image or video captured by the secure device 100 may further include a description of the action, such as login to a server or terminal or access to a structure. In addition, the image or video captured by the secure device 100 may include a unique number, nonce, a transaction number or a random number, a number that the secure device 100 will use to derive the authentication code. Furthermore, the image or video captured by the device may include a digital signature generated by a trusted party.

The authentication process can also be accomplished in two steps to improve the security. The user may provide his or her information such as company ID, user ID, and a password in the first step of the authentication. The terminal, server, or website receiving the information may generate an image in the second step of the authentication process. The image generated in the second step of the authentication process may contain information specific to the user. Such information may include the identity of the user as established by the first step and a piece of information that can be used to prevent replay attacks. The piece of information that can be used to prevent replay attacks includes, for example, the time of the last login, a sequence number assigned at the last authentication process, or a sequence number greater than a number embedded in the image at the last authentication process. Furthermore, such information may be digitally signed to prevent other parties from generating such information. The secure device 100 can be used to capture such information and the secure device 100 may verify the validity of such information by verifying the signature and the piece of information added to prevent replay attacks. For example, the secure device 100 may verify that the sequence number used by the site is larger than the last sequence number that the secure device 100 has captured.

The speed of the authentication process can be increased by establishing a secret key shared by the secure device 100 and the website, server or terminal requiring authentication. Such a shared secret key can be selected by the website, server or terminal requiring authentication and sent to the secure device 100 through the images that embed such information. The shared secret key may be encrypted by the public key of the secure device 100 and signed by the private key of the website, server or terminal requiring authentication. The secure device 100, upon receiving the information related to the shared secret key, may confirm the validity by verifying the digital signature associated with the information. Upon verification, the secure device 100 may store the shared secret key in a secure fashion. Any interaction with the website, server or terminal requiring authentication can use the shared secret key to create shorter signatures. Furthermore, such signatures can be created and verified faster than the digital signatures created using asymmetric encryption algorithms.

In another illustrative application, the secure device 100 can be used to effect authentication in an alternative manner, as shown in FIG. 4. Similarly, the user uses the secure device 100 to derive the authentication code 410 and other relevant information 420 from the scanned image or video 400. The secure device 100 then further prompts the user to enter his/her personal identification number (PIN) 430 and/or other identification information. The PIN 430 and/or identification information may then be forwarded by the secure device 100 in the form of a message to the website server 440 via, for example, a wide area network (such as a cellular or wireless network), SMS (Short Message Service), EMS (Extended Message Service), or other types of message delivery services or protocols. The message may include the identity of the user and secure device 100, a unique value generated by the secure device 100, and a unique number, nonce, transaction number or random number embedded in the image. The message might be digitally signed and encrypted to protect and prove the identity of the user and the secure device 100 and also to prevent eavesdropping. If a shared secret key has been established previously, the shared secret key can also be used to increase the speed of the encryption and signature generation and shorten the message length.

The server 440, by using the unique number, the nonce, the transaction number or the random number transmitted with the message, may identify the session that the user is using to authenticate his or her identity and may then deem the session as authenticated, thereby allowing the user to conduct any desired transactions on the website. In one embodiment, the secure device 100 may be implemented as part of a cell phone or a personal digital assistant.

In another illustrative application, the secure device 100 can be used to effect authorization, as shown in FIG. 5. Initially, the user may be authenticated for permission to enter a website, terminal, server or device using the secure device 100 as described above or through other mechanisms. It is also possible that no prior authentication took place. After the user successfully logs in to the website, terminal, server or device, the user may perform a desired transaction, such as transferring money between accounts. Such a desired transaction may need to be further authorized to provide additional security. For example, as shown in FIG. 5, the user may complete a form 500 to effect a transfer of money between accounts. Upon hitting the “transfer” button 510, the website, terminal, server or device displays an image or stream of images 520 and a blank designated entry 530 for a confirmation signature. The image or stream of images 520 includes embedded information relating to the transfer transaction and possibly a unique transaction number. The embedded information might be encrypted to prevent eavesdropping and digitally signed for authentication purposes. The correct confirmation signature has to be provided in order to effect the transfer. The correct confirmation signature can be derived from the information embedded in the image or stream of images 520 using the secure device 100. More specifically, the user may use the secure device 100 to scan the image or stream of images 520. The secure device 100 may then decode the scanned image or stream of images 520 and derive the embedded information. The derived information relating to the transfer transaction may then be shown on a display 540 by the secure device 100 for viewing by the user. The user may then verify the information. The user may optionally be asked to enter his or her personal identification number for authentication.

Upon completion of the authentication process, the secure device 100 may generate the corresponding confirmation signature 550. The confirmation signature may be a digital signature generated based on embedded information contained in the image or stream of images 520 and, optionally, other types of information, such as an identification code that uniquely identifies the user and the secure device 100. If a shared secret key has been established beforehand, the generated confirmation signature may also be an authorization code derived from the identity of the user and secure device 100, the transaction information and the shared secret key. The user may then input the generated confirmation signature or authorization code into the designated entry 530. The website, terminal, server or device may then check the generated confirmation signature or authorization code relative to the information embedded in the image or stream of images 520. If the generated confirmation signature is correct for a specific user and/or secure device 100, the transfer transaction will be completed. Furthermore, the generated confirmation signature may be used as undisputed proof that the user has authorized the transfer transaction, thereby preventing the user from denying having performed the transaction.
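As an added illustration (not code from the patent), the following Python models both the two-step authentication with a signed, sequence-numbered image described above and the FIG. 5 transaction confirmation: the site embeds the user identity, the action, the transaction details, a nonce and a strictly increasing sequence number; the device verifies the site's tag, refuses any image whose sequence number has not increased, checks the PIN, and only then derives a short code that the site can recompute. Assumptions: the barcode is replaced by a JSON byte string, and the patent's digital signatures are replaced by HMAC tags under the shared secret key discussed above, so only the standard library is needed.

```python
import hashlib
import hmac
import json
import secrets


def _tag(key: bytes, label: bytes, data: bytes) -> str:
    # Domain-separated HMAC: the site's tag on the challenge and the device's
    # response code use different labels, so one cannot be read off the other.
    return hmac.new(key, label + b"|" + data, hashlib.sha256).hexdigest()


class Website:
    """Server side: builds the image contents and checks the code that comes back."""

    def __init__(self, shared_key: bytes):
        self.shared_key = shared_key   # established with the device as in the text
        self.seq = 0                   # last sequence number issued
        self.pending = {}              # nonce -> challenge body awaiting a code

    def make_challenge(self, user_id: str, action: str, txn=None) -> bytes:
        """What the barcode carries: identity from step one, action, transaction
        details, a fresh nonce, an increasing sequence number, and the site's tag."""
        self.seq += 1
        body = {"user": user_id, "action": action, "txn": txn,
                "nonce": secrets.token_hex(8), "seq": self.seq}
        body_bytes = json.dumps(body, sort_keys=True).encode()
        envelope = {"body": body, "tag": _tag(self.shared_key, b"challenge", body_bytes)}
        self.pending[body["nonce"]] = body_bytes
        return json.dumps(envelope, sort_keys=True).encode()

    def verify_code(self, nonce: str, code: str) -> bool:
        """The site knows the embedded information, so it recomputes the expected
        code; each nonce is accepted at most once."""
        body_bytes = self.pending.pop(nonce, None)
        if body_bytes is None:
            return False
        expected = _tag(self.shared_key, b"response", body_bytes)[:8]
        return hmac.compare_digest(expected, code)


class SecureDevice:
    """Portable device: verifies the captured image, rejects replays, checks the
    user's PIN, and only then derives the authentication/confirmation code."""

    def __init__(self, shared_key: bytes, pin: str):
        self.shared_key = shared_key
        # Constructed: a real device keeps the PIN reference in secure memory.
        self.pin_hash = hashlib.sha256(pin.encode()).digest()
        self.last_seq = 0              # highest sequence number captured so far
        self.current = None            # verified challenge awaiting the user's PIN

    def capture(self, image: bytes) -> dict:
        """Decodes the image, verifies the site's tag, and enforces that the
        sequence number is larger than the last one seen (replay prevention)."""
        envelope = json.loads(image)
        body_bytes = json.dumps(envelope["body"], sort_keys=True).encode()
        if not hmac.compare_digest(_tag(self.shared_key, b"challenge", body_bytes),
                                   envelope["tag"]):
            raise ValueError("image was not produced by the expected site")
        seq = envelope["body"]["seq"]
        if seq <= self.last_seq:
            raise ValueError("replayed or stale image: seq %d <= %d" % (seq, self.last_seq))
        self.last_seq = seq
        self.current = body_bytes
        return envelope["body"]        # shown on the display for the user to review

    def derive_code(self, pin: str) -> str:
        """Short code the user keys into the site, bound to exactly this image."""
        if self.current is None:
            raise RuntimeError("no verified image has been captured")
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self.pin_hash):
            raise PermissionError("PIN rejected")
        code = _tag(self.shared_key, b"response", self.current)[:8]
        self.current = None            # one code per captured image
        return code


def demo():
    """Runs one transfer authorization, then shows that a replayed image and a
    second use of the same nonce are both refused."""
    key = secrets.token_bytes(32)      # constructed shared secret
    site, device = Website(key), SecureDevice(key, pin="4321")
    image = site.make_challenge("alice", "transfer",
                                {"from": "1001", "to": "2002", "amount": "250.00"})
    shown = device.capture(image)      # user reviews shown["txn"] before continuing
    accepted = site.verify_code(shown["nonce"], device.derive_code("4321"))
    try:
        device.capture(image)          # same image again: sequence number not larger
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    reused = site.verify_code(shown["nonce"], "00000000")   # nonce already consumed
    return accepted, replay_rejected, reused   # (True, True, False)
```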

In a similar illustrative application, the secure device 100 can be used to effect authorization in an alternative manner, as shown in FIG. 6. The authorization process is similar to that described in connection with FIG. 5 above. Alternatively, upon the secure device 100 generating the confirmation signature or authorization code, the secure device 100 may transmit the generated confirmation signature or authorization code to a transaction server 600 handling the transaction. The generated confirmation signature or authorization code may be transmitted in the form of a message in a number of ways including, for example, over a wide area network (such as a cellular or wireless network), or by email, SMS or EMS. The message may also include the unique transaction number embedded in the image or stream of images. In response, upon receiving the generated confirmation signature or authorization code, the transaction server 600 may then use the transaction number to identify the session, check the generated confirmation signature or authorization code relative to the information embedded in the image or stream of images and, if appropriate, effect the transaction and display the confirmation information 610 to the user.

Authorization involving multiple parties, such as credit and debit card transactions, can also be achieved. For example, the authorization can be achieved by embedding values derived from the transaction together with secret information shared by the user of the secure device 100 and the other parties. The secrets shared by the user of the secure device 100 and the other parties can be credit card numbers, the expiration date of the card, the registered address of the user, and a password established by the user. The other parties can be merchants, banks, credit card issuers, and service providers that may need to be involved with the transaction. A party receiving a user response can forward the response to any of the other parties for verification purposes. Note that card numbers, expiration dates and addresses are known to every merchant the card has been used with, so a response derived only from those values is a weak secret; the user-established password or a key held on the secure device 100 is what gives the verification its strength. Such authorization may be used in connection with an online e-commerce transaction, as will be further described below.

In another illustrative application, the secure device 100 can be used to provide an offline digital signature to effect authorization, as shown in FIG. 7. A sender seeking authorization for a transaction forwards a printed form 700 to a user. The printed form 700 includes certain transaction information as well as an image 710, such as a barcode, or a set of images, such as a set of barcodes. The image 710 includes embedded information relating to the transaction. The user, using the secure device 100, scans the image 710. The secure device 100 may then prompt the user to enter his/her personal identification number (PIN) 720 for authentication purposes. Once the correct PIN 720 is entered, the secure device 100 decodes the scanned image 710 and derives the embedded transaction information. The transaction information is then shown via a display 730 on the secure device 100 to the user. The user may then approve the transaction by entering the corresponding command into the secure device 100. The secure device 100 may then generate the corresponding confirmation signature or authorization code 740 based on the information embedded in the image 710 and optionally the PIN 720 of the user, and display the generated confirmation signature or authorization code 740 to the user. In response, the user may then provide the generated confirmation signature or authorization code 740 to the sender to confirm authorization via, for example, a telephone, a wide area network (such as a cellular or wireless network), an email, SMS message, EMS message or facsimile 750. Since the sender initially provided the image 710, the sender also knows what the corresponding confirmation signature or authorization code should be (for a shared secret key) or can verify it (for a digital signature). As a result, by receiving the generated confirmation signature or authorization code 740 from the user, the sender may verify whether the user is authorized to provide approval for the transaction.

In another illustrative application, the secure device 100 can be used to provide secure document distribution. FIG. 8 illustrates the logic flow with respect to using the secure device 100 to provide secure document distribution. At block 800, a document is created and secured using a password. The password can be viewed as the correct answer to a challenge. The challenge is presented to anyone who attempts to access the secured document. At block 810, a message, such as an email, instant message (IM), SMS or EMS message, is created for a recipient with the secured document included as an attachment. At block 820, an image or a stream of images is created. The image or stream of images includes embedded information relating to the password used to secure the document. The information embedded in the image or stream of images can be encrypted using public keys that are stored locally or centrally managed, so that only the holder of the corresponding private key can recover the password. In one implementation, creation of the image or stream of images may be automated. For example, using the Microsoft Office application, a plug-in can be added to allow the image or stream of images containing the password to be inserted automatically into a message, such as an email. Alternatively, the image or stream of images may also be created for S/MIME compatibility on an automated basis by generating a one-time certificate and attaching the certificate to the image or stream of images, or by encrypting the certificate with a randomly generated password, storing the certificate at a server and providing the password and the location of the certificate to the user through the image or stream of images.

At block 830, the image or stream of images is also included as part of the message. At block 840, the message including the secured document and the image or stream of images is delivered to the recipient. At block 850, upon opening the message, the recipient may use the secure device 100 to scan the image or stream of images. At block 860, upon retrieving the image or stream of images, the secure device 100 may then derive the embedded information from the image or stream of images, including the information relating to the password. Such information is then displayed to the user. At block 870, the user uses such information to access the secured document. For example, a challenge may be presented to the user when the user attempts to access the secured document. Upon providing the password, the challenge is satisfied and the secured document can be accessed by the user. It can be seen that the secure device 100 provides a number of benefits with respect to secure document distribution. For example, the secure device 100 enables secure document distribution without requiring any additional software on the recipient's computer. Furthermore, the recipient does not have to manage any digital certificates, nor does the recipient have to install any drivers for hardware tokens. Finally, the recipient may use untrusted terminals to retrieve secured documents, because the password is recovered on the secure device 100 rather than stored on the terminal. Note, however, that the password is still typed into the terminal at block 870, so a compromised terminal can capture it together with the opened document; the scheme protects the message in transit and in the recipient's mailbox, not the document once it is opened on the terminal.
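Blocks 800 to 870 describe a protocol rather than a single step, so the following is one end-to-end implementation of it in Python, added for this page and not taken from the patent. Its assumptions: the recipient's secure device holds a symmetric key provisioned at enrollment (a stand-in for the patent's public key, since the Python standard library has no public-key primitives); the image payload is modelled as the bytes that would be encoded into the barcode; and the cipher is a standard-library construction (HMAC-SHA256 keystream with encrypt-then-MAC) that a production system would replace with an AEAD such as AES-GCM. The document password is random and used once, and the wrong-password path fails closed, which is the "challenge" the text describes.

```python
import hashlib
import hmac
import json
import os
import secrets

# Stdlib-only stand-in for an AEAD such as AES-GCM: HMAC-SHA256 as a PRF
# keystream, encrypt-then-MAC. Use a real AEAD in production.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one master key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag before decrypting; raises ValueError on any mismatch."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong password/key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def password_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Sender side: blocks 800 to 840.
def prepare_message(document: bytes, device_key: bytes) -> dict:
    password = secrets.token_urlsafe(12)          # random, single-purpose password
    salt = os.urandom(16)
    attachment = salt + seal(password_key(password, salt), document)
    # The "image" payload: the password sealed to the recipient's device key,
    # so an intercepted message yields neither the password nor the document.
    image = seal(device_key, json.dumps({"password": password}).encode())
    return {"attachment": attachment, "image": image}


# Recipient side: blocks 850 to 870.
def device_decode_image(device_key: bytes, image: bytes) -> str:
    """What the secure device shows on its display after scanning the image."""
    return json.loads(unseal(device_key, image))["password"]


def open_attachment(attachment: bytes, password: str) -> bytes:
    """The challenge posed by the protected document; the password is the answer."""
    salt, blob = attachment[:16], attachment[16:]
    return unseal(password_key(password, salt), blob)


def run_demo() -> tuple:
    """Returns (document_recovered, wrong_password_rejected)."""
    device_key = bytes.fromhex("a1" * 32)        # provisioned at enrollment (constructed)
    document = b"Constructed sample: Q3 board minutes, confidential."
    msg = prepare_message(document, device_key)
    shown = device_decode_image(device_key, msg["image"])
    recovered = open_attachment(msg["attachment"], shown)
    try:
        open_attachment(msg["attachment"], "not-the-password")
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    return recovered == document, wrong_rejected
```

The terminal only ever sees the sealed attachment and the sealed image; the password exists in the clear on the secure device's display and, briefly, in the terminal at the moment the document is opened.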

In a similar illustrative application, the secure device 100 can be used to effect digital rights management. The document may contain an access control list to limit users to certain operations. For example, only certain users might be allowed to open, modify, change, copy and/or print the information embedded in a document or media, such as music or video. Furthermore, the digital certificates of the users might be embedded in the document or media directly. When a user tries to open, modify, change, print and/or copy the document or media through a program, the program might generate a challenge for the specific user dynamically. The challenge might be embedded in an image or stream of images which, for example, contain barcodes. In response to the challenge, the user scans the image or stream of images using the secure device 100. The user might optionally be asked to provide a password to either the secure device 100 or the program. The secure device 100 might use the private key of the certificate associated with the user or secure device 100 to generate an authentication code in response to the challenge. The user may then provide the authentication code by entering it manually on a terminal. The secure device 100 might also generate radio or sonic signals that might be captured by the terminal. The secure device 100 might also send a message, such as an email, SMS or EMS message, to a server to provide the authentication code. The program, upon receiving the authentication code, confirms the identity of the user by verifying the response against the challenge it issued, using the public key in the user's certificate. If the identity of the user is confirmed and the operation that the user is trying to accomplish is allowed, the program performs the operation.

In a further illustrative application, the secure device 100 can be used to conduct transactions using images displayed on printed materials, such as books, signs, and catalogs, or transmitted to computers or television screens, as shown in FIG. 9. An image 900 or stream of images can be displayed on a catalog, book or sign. The image 900 or stream of images may also be shown on a television or computer screen. The image 900 or stream of images may include embedded information relating to a particular product or service (such as product or service description and transaction identification), information related to a merchant providing the product or service, a public key assigned to the merchant, a digital signature of the public key, a digital signature for the transaction, the Internet address of the merchant, etc. Using the secure device 100, a user may scan the image 900 or stream of images. The secure device 100 may then derive the relevant information relating to the product or service and display such information to the user as shown in block 910. The secure device 100 may further allow the user to conduct a transaction as shown in blocks 920-960. For example, as shown in block 920, the user may use the secure device 100 to enter selection and purchase information. Upon receiving the selection and purchase information, the secure device 100 may then display the summarized transaction information to the user, as shown in block 930. If the user agrees with the summarized transaction information, the user may then authorize the transaction. As shown in block 940, the secure device 100 may require the user to provide a PIN to ensure that the user is authorized to order the transaction. Upon verifying the PIN provided by the user, the secure device 100 may then proceed with the transaction, for example, by allowing the user to select a shipping address and displaying the final transaction information to the user, as shown in blocks 950-960.

In addition, the secure device 100 may also allow the user to designate how the transaction is to be paid for, as shown in blocks 970-980. The secure device 100 may then forward the relevant transaction information to a server associated with the merchant for further processing, as shown in block 990. Such information may be forwarded to the merchant using a number of different methods including, for example, a wide area network (such as a cellular or wireless network), SMS, EMS or other types of message delivery services. The information may be encrypted. In addition, the secure device 100 may also forward a digital signature or authorization code associated with the transaction and generated by the secure device 100 to the server. The digital signature or authorization code may be used to prove that the transaction was legitimately ordered from the secure device 100. Upon the server completing the transaction, confirmation information can be sent by the merchant to the secure device 100 for viewing by the user, as shown in block 992.

Alternatively, the transaction can be handled via a third party service provider. The image or stream of images can be generated by the third party service provider. In this case, the public key and the server address of the third party service provider can be embedded in the secure device 100. The server of the third party service provider can conduct the transaction on behalf of the user of the secure device 100. The secure device 100, upon deciphering the image or stream of images, can send a confirmation to the third party service provider through, for example, a wide area network (such as a cellular or wireless network). The third party service provider can then cooperate with the server associated with the merchant to complete the transaction including, for example, transferring the information required to complete the transaction, such as payment and shipping information, to the server associated with the merchant. The third party service provider may also bill the user of the secure device 100 directly for the transaction amount.

In the situation where there is no communication channel between the secure device 100 and the third party service provider or the merchant, the secure device 100 and the third party service provider or merchant can utilize a shared secret key and identification information assigned to the secure device 100 or to the user of the secure device 100. The shared secret key and the identification information are provided beforehand to the secure device 100 and to the service provider. The secure device 100 can capture the image or stream of images and decode its embedded information. The secure device 100 can then combine the decoded information and the identification information and encode the combination using the shared secret key, for example as a message authentication code over the combined data. The encoded value, including a portion of the identification information, can be displayed on the secure device 100. The user may then provide the encoded value to the terminal, device or website, or may call the merchant or third party service provider to provide the encoded information. The third party service provider, upon receiving the encoded value, can send the information to the merchant for identification and verification purposes. The merchant, upon receiving the encoded value, can derive the identity of the user from the included portion of the identification information, recompute the expected value with the shared secret key, and thereby verify that the secure device 100 has been in the legitimate possession of the user.
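The authorization-code variants of FIG. 5, FIG. 6 and FIG. 7 and the no-channel case just described all reduce to the same exchange: the server embeds the transaction details and a unique transaction number in the image, the device recomputes a keyed value over those details once the PIN has been checked, and the server compares that value against the pending transaction. The following Python is an added example written for this page; it is not code from the patent. It uses an HMAC-SHA256 based code truncated to eight digits in place of the patent's unspecified encoding, a JSON string in place of the barcode payload itself (barcode rendering and scanning are outside the example), and constructed device identifiers, keys and transaction data. The server-side checks for replayed, expired and cross-transaction codes are what make the details shown on the device's display binding.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed enrollment data: identification information and shared secret
# key provisioned to both the secure device and the verifying server.
DEVICE_ID = "DEV-0042"
SHARED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)


def canonical(payload: dict) -> str:
    """Deterministic encoding so both sides MAC exactly the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":"))


def derive_code(key: bytes, device_id: str, challenge: str, digits: int = 8) -> str:
    """Authorization code = HMAC-SHA256(key, device_id || challenge), truncated
    to a short decimal string the user can type or read over the phone
    (dynamic truncation as in RFC 4226)."""
    mac = hmac.new(key, f"{device_id}|{challenge}".encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    num = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)


class Server:
    """Website / transaction server side."""

    def __init__(self, keys: dict):
        self.keys = keys      # device id -> shared key
        self.pending = {}     # transaction number -> challenge state

    def create_challenge(self, device_id: str, transaction: dict, ttl=120, now=None) -> str:
        """Payload rendered into the barcode: transaction fields plus a unique
        random transaction number."""
        now = time.time() if now is None else now
        payload = {"txn": secrets.token_hex(8), "device": device_id, **transaction}
        self.pending[payload["txn"]] = {"payload": payload, "expires": now + ttl, "used": False}
        return canonical(payload)

    def verify_code(self, device_id: str, txn: str, code: str, now=None) -> bool:
        """Check a code typed into entry 530 or received by SMS."""
        now = time.time() if now is None else now
        entry, key = self.pending.get(txn), self.keys.get(device_id)
        if entry is None or key is None or entry["used"] or now > entry["expires"]:
            return False                       # unknown, replayed or stale
        if entry["payload"]["device"] != device_id:
            return False                       # code from another user's device
        expected = derive_code(key, device_id, canonical(entry["payload"]))
        if not hmac.compare_digest(expected, code):
            return False
        entry["used"] = True                   # each challenge authorizes once
        return True


class SecureDevice:
    """Portable device: scans, displays, checks the PIN, derives the code."""

    def __init__(self, device_id: str, key: bytes, pin: str):
        self.device_id, self.key = device_id, key
        self._pin_hash = hashlib.sha256(pin.encode()).digest()

    def scan(self, challenge: str) -> dict:
        return json.loads(challenge)           # what display 540 shows the user

    def authorize(self, challenge: str, pin: str) -> str:
        """Emit '<id suffix>-<code>' once the user has confirmed the displayed
        details and entered the PIN."""
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash):
            raise PermissionError("wrong PIN")
        code = derive_code(self.key, self.device_id, canonical(self.scan(challenge)))
        return f"{self.device_id[-4:]}-{code}"


def run_demo() -> tuple:
    """Returns (accepted, replay_rejected, cross_txn_rejected, stale_rejected)."""
    server = Server({DEVICE_ID: SHARED_KEY})
    device = SecureDevice(DEVICE_ID, SHARED_KEY, pin="4711")
    transfer = {"from": "ACC-1", "to": "ACC-9", "amount": "250.00", "currency": "EUR"}

    challenge = server.create_challenge(DEVICE_ID, transfer, now=1000.0)
    txn = device.scan(challenge)["txn"]
    code = device.authorize(challenge, "4711").split("-")[1]
    accepted = server.verify_code(DEVICE_ID, txn, code, now=1010.0)
    replay_rejected = not server.verify_code(DEVICE_ID, txn, code, now=1011.0)

    # A code captured for this transfer must not authorize a different one,
    # e.g. a larger amount substituted by a man-in-the-middle.
    other = json.loads(server.create_challenge(DEVICE_ID, {**transfer, "amount": "9999.00"}, now=1000.0))
    cross_rejected = not server.verify_code(DEVICE_ID, other["txn"], code, now=1012.0)

    stale = server.create_challenge(DEVICE_ID, transfer, now=1000.0)
    stale_code = device.authorize(stale, "4711").split("-")[1]
    stale_rejected = not server.verify_code(DEVICE_ID, json.loads(stale)["txn"], stale_code, now=1500.0)
    return accepted, replay_rejected, cross_rejected, stale_rejected
```

Because the server can compute the same HMAC, this variant authenticates the transaction but does not give non-repudiation; substituting a signature made with a private key held only on the device (and verified with its public key on the server) changes that, with the rest of the flow unchanged.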

In another illustrative application, the secure device 100 can be used in a checkout process, as shown in FIG. 10. At block 1000, upon checkout, a register generates an image or a stream of images for a transaction. The image or stream of images includes embedded information relating to the transaction. The image or stream of images is presented to the user. The user then uses the secure device 100 to scan the image or stream of images. The secure device 100 then derives the relevant information relating to the transaction from the image or stream of images (for example, a barcode) and displays such information to the user, as shown in block 1010. The user may then authorize the transaction. The secure device 100 may further require the user to provide a PIN, as shown in block 1020, to ensure that the user is indeed authorized to approve the transaction. If the correct PIN is provided, the secure device 100 generates its own image or stream of images, as shown in block 1030. The image or stream of images generated by the secure device 100 may include relevant transaction and payment information including, for example, credit card or other payment account information. Since an image on the device's display can be photographed by anyone nearby, such payment information should be encrypted for the payment server, or replaced by a one-time value bound to this transaction, rather than carried in the clear. The image or stream of images is then provided to the register, as shown in block 1040. The register may include a scanning device capable of scanning the image or stream of images displayed on the secure device 100. Upon retrieving the image or stream of images from the secure device 100, the register may then derive the relevant information and use such information to contact a payment server to obtain payment for the transaction, as shown in block 1050. Depending on the information received from the register, the payment server may then provide the appropriate response to the register accordingly, as shown in block 1060.

In a further illustrative application, the secure device 100 can be used in a checkout process in an alternative manner, as shown in FIG. 11. At block 1100, upon checkout, a register generates an image or a stream of images for a transaction. The image or stream of images includes embedded information relating to the transaction. The image or stream of images is presented to the user. The user then uses the secure device 100 to scan the image or stream of images. The secure device 100 then derives the relevant information relating to the transaction from the image or stream of images and displays such information to the user, as shown in block 1110. The user may then provide any additional information, such as the transaction amount, and authorize the transaction, as shown in block 1120. The secure device 100 may further require the user to provide a PIN, as shown in block 1130, to ensure that the user is indeed authorized to order the transaction. If the correct PIN is provided, the secure device 100 may then contact a payment server to complete payment for the transaction, as shown in block 1140. Upon successfully completing payment for the transaction, the payment server may then forward the appropriate confirmation information to the secure device 100, as shown in block 1150. The confirmation information may be forwarded to the secure device 100 in a number of ways including, for example, a wide area network (such as a cellular or wireless network), SMS, EMS and other types of message delivery services. Upon receiving the confirmation information, the secure device 100 may then generate its own image or stream of images, as shown in block 1160. The image or stream of images generated by the secure device 100 may include relevant information relating to the transaction including, for example, the confirmation information. The image or stream of images may then be presented to the register for scanning.

Upon retrieving the image or stream of images from the secure device 100, the register may then derive the relevant information and confirm that the transaction has been paid for, and proceed to conclude the transaction, as shown in block 1170. For that confirmation to mean anything, the register must be able to verify that the confirmation information originated from the payment server (for example, that it carries the payment server's signature or a keyed value the register can check) and that it refers to this transaction and amount; otherwise the device could present an image that merely claims payment.

In yet another illustrative application, the secure device 100 can be used to defend against real-time phishing attacks, as shown in FIG. 12. Phishing attacks involve fraudulently capturing information from a user, for example, via a fake website, and then using such information to conduct unauthorized transactions. At 1230, a user 1200 unknowingly provides information to a fake website 1210, thinking that s/he is dealing with the legitimate website 1220. At 1240, the fake website 1210, upon capturing the information, uses such information to contact the legitimate website 1220 and attempts to conduct an unauthorized transaction. At 1250, in order to confirm the transaction, the legitimate website 1220 generates an image or a stream of images that requires confirmation by the secure device 100. The image or stream of images may include confirmation information relating to the transaction. The fake website 1210 cannot produce the required confirmation itself, so to proceed it has to relay the image to the user. If the image or stream of images is forwarded to the secure device 100, as shown in 1260, the secure device 100 may then derive the confirmation information and display such information to the user, thereby allowing the user to detect that an unauthorized transaction has been attempted. The user may then terminate any connection to the fake website 1210. Alternatively, the legitimate website 1220 may include warning information in the image or stream of images, such as information alerting the user to disconnect from the website 1210 and re-connect to the legitimate website 1220 directly. To ensure that only the legitimate user visits the legitimate website 1220, the information embedded in the image or stream of images may include a unique but randomly generated number. Such a number may be combined with the URL of the website to form a unique URL for a specific user for a specific period of time.

Upon deriving the relevant information from the image or stream of images, the secure device 100 may then display such information to the user, thereby alerting the user to potential fraud and unauthorized transactions and also providing the user the unique URL that the user has to enter in a browser.
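The unique, time-limited URL at the end of the FIG. 12 description is the part of this defence a practitioner has to get right: the random number must be unguessable, bound to the user, short-lived and accepted only once, or the fake website can reuse or forge it. The following Python is an added example written for this page, not the patent's code. The site base URL, the user identifier, the site key and the attempted transaction are all constructed values; the image payload is modelled as a JSON string containing the warning, the attempted transaction and the URL.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit


class LegitimateSite:
    """Issues and checks the per-user, time-limited URL carried in the image."""

    def __init__(self, base_url: str, key: bytes):
        self.base_url = base_url
        self.key = key                # server-side secret, never leaves the site
        self.used = set()             # nonces already redeemed

    def _tag(self, user_id: str, nonce: str, exp: int) -> str:
        # Binds user, nonce and expiry together so none can be altered in transit.
        mac = hmac.new(self.key, f"{user_id}|{nonce}|{exp}".encode(), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac[:16]).decode().rstrip("=")

    def unique_url(self, user_id: str, ttl: int = 300, now=None) -> str:
        now = int(time.time() if now is None else now)
        nonce, exp = secrets.token_urlsafe(9), now + ttl
        query = urlencode({"u": user_id, "n": nonce, "e": exp, "t": self._tag(user_id, nonce, exp)})
        return f"{self.base_url}?{query}"

    def warning_image_payload(self, user_id: str, attempted: dict, now=None) -> str:
        """Contents of the image generated at 1250: what was attempted, a warning,
        and the URL the user must type into the browser by hand."""
        return json.dumps({
            "warning": "Disconnect from the site you are using and enter the URL below yourself.",
            "attempted": attempted,
            "url": self.unique_url(user_id, now=now),
        })

    def check_url(self, url: str, now=None) -> bool:
        """Accepts a URL once, within its lifetime, and only if its tag verifies."""
        now = int(time.time() if now is None else now)
        q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
        try:
            user_id, nonce, exp, tag = q["u"], q["n"], int(q["e"]), q["t"]
        except (KeyError, ValueError):
            return False
        if now > exp or nonce in self.used:
            return False
        if not hmac.compare_digest(self._tag(user_id, nonce, exp), tag):
            return False
        self.used.add(nonce)
        return True


def run_demo() -> tuple:
    """Returns (valid, replay_accepted, forged_user_accepted, expired_accepted)."""
    site = LegitimateSite("https://bank.example/login", key=bytes.fromhex("5c" * 32))
    attempted = {"type": "transfer", "to": "ACC-ATTACKER", "amount": "4000.00"}  # constructed
    payload = json.loads(site.warning_image_payload("alice", attempted, now=1000))
    url = payload["url"]                     # what the device displays to the user
    valid = site.check_url(url, now=1060)
    replayed = site.check_url(url, now=1061)
    forged = site.check_url(url.replace("u=alice", "u=mallory"), now=1062)
    expired = site.check_url(site.unique_url("alice", now=1000), now=2000)
    return valid, replayed, forged, expired
```

The server keeps the redeemed nonces (here an in-memory set; a shared store in a real deployment) so that a URL captured by the fake website after the user has used it is worthless, and the expiry bounds how long an unredeemed one remains live.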

The legitimate website 1220 may also detect a legitimate user by using a cookie stored at the computer associated with the user. A cookie is a small piece of data given to a Web browser by a Web server and stored by the browser. The data is then sent back to the server each time the browser requests a page from the server. The main purpose of cookies is to identify users and possibly prepare customized Web pages for such users. A website can detect that a user has never used a particular computer to visit that website by requesting the cookies stored in the browser associated with that computer. The cookie stored by the browser identifies the browser the user previously used with the site, and thereby the user. In the absence of the cookie, the website may request the user to visit the unique URL as described above.

In addition to the applications described above, the present invention can also be deployed in various other types of applications including, for example, digital signatures, encryption, secure ATM cards and secure credit cards, etc. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art should know how to deploy the present invention in many other types of applications.

The various illustrative logical blocks, modules, circuits, elements, and/or components described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic component, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing components, e.g., a combination of a DSP and a microprocessor, a number of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

The methods or algorithms described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executable by a processor, or in a combination of both, in the form of control logic, programming instructions, or other directions, and may be contained in a single device or distributed across multiple devices. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. A storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the full scope consistent with the claims, wherein reference to an element in the singular is not intended to mean "one and only one" unless specifically so stated, but rather "one or more". All structural and functional equivalents to the elements of the various embodiments described throughout this disclosure that are known or later come to be known to those of ordinary skill in the art are expressly incorporated herein by reference and are intended to be encompassed by the claims. Moreover, nothing disclosed herein is intended to be dedicated to the public regardless of whether such disclosure is explicitly recited in the claims. No claim element is to be construed under the provisions of 35 U.S.C. §112, sixth paragraph, unless the element is expressly recited using the phrase "means for" or, in the case of a method claim, the element is recited using the phrase "step for".

1. A system for providing authorization, the system comprising: a server configured to: allow a user to conduct a transaction using a computer; and present an image to the user in connection with the transaction, the image having information embedded therein; and a portable device comprising a camera and configured to: allow the user to capture the image using the camera; store predetermined information, the predetermined information including information related to the user; capture input information from the user, including input information to be used to ensure that the user is authorized to use the portable device; and generate an output based on the information embedded in the image and the predetermined information; wherein the server is further configured to receive the output from the portable device and evaluate the output to determine if the user has authorized the transaction.

2. The system of claim 1 wherein the portable device is further configured to generate the output using the input information captured from the user.

3. The system of claim 1 wherein the portable device is further configured to decode the information embedded in the image for use in generating the output by using a cryptographic algorithm.

4. The system of claim 1 wherein the input information includes one of a personal identification number and biometric information.

5. The system of claim 1 wherein the image includes a barcode.

6. The system of claim 5 wherein the barcode includes a multi-dimensional barcode.

7. The system of claim 1 wherein the image includes a set of barcodes.

8-10. (canceled)

11. The system of claim 1 wherein the portable device is further configured to transmit the output to the server via a message delivery protocol comprising the Short Message Service.

12-14. (canceled)

15. The system of claim 1 wherein the output includes a digital signature associated with the user.

16. A method of providing authorization, the method comprising: configuring a server to: allow a user to conduct a transaction using a computer; present an image to the user in connection with the transaction, the image having information embedded therein; configuring a portable device to: allow the user to capture the image, wherein the portable device comprises a camera and the image is captured by the camera; store predetermined information; capture input information from the user, the input information to be used to ensure that the user is authorized to use the portable device; and generate an output based on the information embedded in the image and the predetermined information; and configuring the server to receive the output from the portable device and evaluate the output to determine if the user has authorized the transaction.

17. The method of claim 16 further comprising: configuring the portable device to generate the output using the input information captured from the user.

18. The method of claim 16 further comprising: configuring the portable device to decode the information embedded in the image for use in generating the output by using a cryptographic algorithm.

19. The method of claim 16 wherein the input information includes one of a personal identification number and biometric information.

20-23. (canceled)

24. The method of claim 16 further comprising: configuring the portable device to display the output to the user; and configuring the server to receive the output, or a portion thereof, from the user via the computer.

25. (canceled)

26. The method of claim 16 further comprising: configuring the portable device to transmit the output to the server via a message delivery protocol.

27-29. (canceled)

30. The method of claim 16 wherein the output includes a digital signature associated with the user.

31. A method of providing authorization, the method comprising: presenting an image to a user in connection with a transaction, the image having information embedded therein; configuring a portable device to: allow the user to capture the image, wherein the portable device comprises a camera and the image is captured by the camera; store predetermined information related to the user; capture input information from the user, the input information to be used to ensure that the user is authorized to use the portable device; and generate an output based on the information embedded in the image and the predetermined information; receiving the output generated by the portable device; and evaluating the output to determine if the user has authorized the transaction.

32. (canceled)

33. The method of claim 31 further comprising: configuring the portable device to generate the output using the input information captured from the user; and configuring the portable device to decode the information embedded in the image for use in generating the output by using a cryptographic algorithm.

34-38. (canceled)

39. The method of claim 31 further comprising: configuring the portable device to display the output to the user, wherein the output displayed to the user includes information relating to the transaction.

40-42. (canceled)